Installation Script is sensitive to bash syntax characters in password #294

Open
ForestJohnson opened this issue Oct 13, 2021 · 2 comments

ForestJohnson commented Oct 13, 2021

Describe the bug

My friend was trying to set up Mattermost on YunoHost and they encountered an issue where the bash install script interpreted a character that they typed into their password as syntax. They were eventually able to identify the problematic character as ( but I know there are probably multiple ways this can go bad in bash.

password=$YNH_APP_ARG_PASSWORD

...
ynh_exec_warn_less ynh_exec_as $app bin/mattermost user create --username "$admin" --email "$email" --password "$password" --locale "$language" --system_admin

Context

  • Hardware: Raspberry Pi3 at home
  • YunoHost version: V 4.2.8.3
  • I have access to my server: Through SSH, through the webadmin, and direct access via keyboard
  • Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: yes
    • If yes, please explain: "No tweaking that I recall, although special context is using a .local domain"
  • Using, or trying to install package version/branch: YunoHost-Apps/mattermost_ynh 5.39.0-ynh1

Steps to reproduce

Install mattermost for yunohost
enter the password (i_like_eggs

Expected behavior

It works 😇

Logs

They posted this log in chat channel:

2021-10-13 18:01:51,044: DEBUG - /var/www/mattermost /var/cache/yunohost/app_tmp_work_dirs/app_j2vv0kq9/scripts 

2021-10-13 18:01:51,046: DEBUG - + ynh_exec_warn_less ynh_exec_as mattermost bin/mattermost user create --username yunoadminator --email [email protected] --password '**********' --locale en --system_admin 

2021-10-13 18:01:51,048: DEBUG - + eval ynh_exec_as mattermost bin/mattermost user create --username yunoadminator --email [email protected] --password '**********' --locale en --system_admin 

2021-10-13 18:01:51,050: DEBUG - /usr/share/yunohost/helpers.d/logging: eval: line 142: syntax error near unexpected token `('
@ForestJohnson

I'm pretty sure that shellcheck catches these kinds of errors;

https://www.shellcheck.net/

here's an example:

 
Line 30:
email=$(ynh_user_get_info --username=$admin --key=mail)
                                     ^-- SC2086 (info): Double quote to prevent globbing and word splitting.

https://github.com/koalaman/shellcheck/wiki/SC2086

ForestJohnson changed the title from "Installation Script is sensitive to bash syntax characters." to "Installation Script is sensitive to bash syntax characters in password" on Oct 13, 2021
@keomabrun

yop, same here, got the same error when using a password that contained a " symbol.
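
The re-parse that the log above shows (`+ eval ynh_exec_as ...`), reproduced in isolation as an added example; this is not YunoHost or Mattermost code, and `create_user`, `run_with_eval`, `run_direct`, `sh_quote` and `run_with_quoted_eval` are hypothetical names. It covers the `(` and `"` passwords reported in this thread and goes one step further with a password containing a space.

```shell
#!/bin/sh
# Added example, not YunoHost code. create_user is a hypothetical stand-in for
# "bin/mattermost user create": it prints the value it received after --password.
create_user() { printf '%s' "$2"; }

# Pattern visible in the log ("+ eval ynh_exec_as ..."): the already-expanded
# arguments are joined and parsed a second time as shell source. Run in a
# subshell because a syntax error inside eval can abort a POSIX shell.
run_with_eval() { ( eval "$@" ) 2>/dev/null; }

# Fix 1: execute the argument vector as-is; nothing is re-parsed.
run_direct() { "$@"; }

# Fix 2, when eval cannot be avoided: single-quote every argument first,
# rewriting each embedded ' as '\'' so the second parse yields the same words.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}
run_with_quoted_eval() (
    cmd=
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"
    done
    eval "$cmd"
)

# Constructed sample passwords: the ( and " cases reported above, plus a space,
# which the eval path accepts but silently truncates at the first word.
for pw in '(i_like_eggs' 'a"b' 'two words'; do
    printf 'eval=[%s] ' "$(run_with_eval create_user --password "$pw")"
    printf 'direct=[%s] ' "$(run_direct create_user --password "$pw")"
    printf 'quoted=[%s]\n' "$(run_with_quoted_eval create_user --password "$pw")"
done
```

The `eval` column is empty for the first two passwords because the second parse fails, and shows only `two` for the third, which is the case that would pass installation while setting a different password than the one typed.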
